73 Arrests with International eCommerce Fraud Initiative

Press Release

21 June 2017

The eCommerce Action 2017, a joint law enforcement operation which took place in 26 countries from 6-16 June 2017, resulted in the arrest of 73 professional fraudsters and members of internet-based criminal networks suspected of online fraud activities. The suspects were responsible for more than 20,000 fraudulent transactions with compromised credit cards, an estimated value exceeding EUR 5 million.

The eCommerce Action 2017 (eComm 2017) targeted the networks involved in this crime and the locations where illegally purchased goods had been delivered. Law enforcement and private sector formed teams for practical cooperation. The participating countries include: Austria, Belgium, Bulgaria, Croatia, Denmark, Estonia, Finland, France, Greece, Hungary, Ireland, Italy, Latvia, the Netherlands, Poland, Portugal, Romania, Slovakia, Spain, Sweden, and the United Kingdom. They received support and operational information from Canada, the US, Colombia, Iceland, and Georgia.

The Europol European Cybercrime Centre (EC3) coordinated this operation from its headquarters in The Hague, with direct assistance from payment card schemes, banks, logistic companies and eMerchants. EC3 also supported national authorities on-the-spot by providing analytical services to the Member States.

Results

Hundreds of packages from online shops were intercepted and more than 100 locations were searched, using information that had been previously submitted by eMerchants, payment, and logistic companies. The house searches led to the seizures of high-value goods, including electronic appliances, smartphones, tablets, watches, and clothing. The joint analysis method revealed criminal hot spots and organised criminal groups that attempted to bypass the various security measures of merchants and financial institutions.

The investigative measures also revealed that some of the suspects have been involved in other forms of crime, such as identity fraud, phishing, cyber-attacks, romance fraud, illegal use of stolen passports, illegal immigration, and money laundering.

Around 200 websites and social media accounts were used to broker fraudulently purchased electronic goods. The requests to have them taken down were sent to the hosting companies. Some of these criminally used social media platforms had more than 10,000 followers each. It is suspected that the followers formed potential customer bases for these organised crime groups. Taking down these accounts has a significant collaborative impact on the industry.

In one EU Member State, the police had found an organised crime group during the previous eComm Action in October 2016, and had conducted investigations into the group's activities over the past eight months. This resulted in the arrests of the key individuals of this group last week.

High Profit, Low Risk

The eComm 2017 is an operation created as a part of EMPACT Payment Card Fraud (PCF), led by Austria. This operation is a practical continuation of the work of the eCommerce Working Group, a private-public partnership network established in 2014 with the key stakeholders, including the Merchant Risk Council (MRC), a network of 480 member companies and organizations worldwide. This task force, created to combat card-not-present fraud, was established to ensure a safe online environment for world customers by sharing information and developing best practice between law enforcement and the private sector.

In the planning phase of the eComm 2017 earlier this year, Europol and MRC agreed to coordinate the law enforcement and merchant cooperation, respectively. Each participating law enforcement agency teamed up with their selected private sector partners to find organised crime groups of fraudsters by exchange of information and joint analytics.

Payment card fraud against online shops is considered as a high profit and low risk criminal activity with losses for the European sector exceeding EUR 1 billion annually. Investigative measures are very complex due to the virtual and international dimension of this crime. Cyber fraud is a top priority for Europol and law enforcement agencies across the European Union.

Steven Wilson, head of Europol's EC3, noted: "With the exchange of information and joint analysis work before the eComm 2017, law enforcement was able to find organised crime groups that have a significant negative impact on the security of Europe. By disrupting the activities of these groups, Europol and its partners are creating a more secure Europe for its citizens and businesses."

Úna Dillon, European Managing Director of the MRC stated: "It is critical for private sector companies, such as the MRC's merchant members, to work together with public sector law enforcement bodies to counteract the continuing growth in retail payment fraud. The cooperation and collaboration between Europol's EC3 and eCommerce merchants across Europe has shown how working together and sharing relevant intelligence can make a huge difference and can stop crime. The number of relevant arrests on this occasion is exceptional and a victory to those involved. The MRC will continue to support Europol on this important initiative."

eComm 2017

This is the second eComm initiative, following the eComm 2016 conducted by 10 European countries in October 2016. The working model of cooperation was developed by the eCommerce Working Group and the European Commission funded research project, OP Skynet, which was paired with the Dedicated Card and Payment Crime Unit, a specialized police unit in the UK. Together, these entities have laid the foundation of practical private-public-partnership in Europe.